I have a few accounts used as service accounts. I am wondering whether there is a way to let the user ID work but not be accessible from outside. For example, if a user tries to ssh using this ID, the server will refuse the request.
Nope. That will disallow any login attempts for that account. I'm not sure if there is a way to only disallow logins on certain accounts from the outside...
-:deny_this_account and_this_one etc etc_etc:ALL EXCEPT LOCAL
The term 'account' applies to users and groups. The primary group of a user is not consulted, however, so you might want to create a group (no_remote), and add all users that you want to deny remote logins to that group, then use: '-:no_remote:ALL EXCEPT LOCAL'.
You should use the DenyGroups and DenyUsers directives.
"man sshd_config" for more info.
Originally posted by beltorak:
edit '/etc/login.access'; add the following line:
Code:
-:deny_this_account and_this_one etc etc_etc:ALL EXCEPT LOCAL
The term 'account' applies to users and groups. The primary group of a user is not consulted, however, so you might want to create a group (no_remote), and add all users that you want to deny remote logins to that group, then use: '-:no_remote:ALL EXCEPT LOCAL'.
-t.
This does not work for ssh, I am guessing it must be something about telnet?
Ahh; so you are right... silly me. Try the file '/etc/ssh/sshd_config'. Read the man page for it, and look at the entries for 'AllowGroups', 'AllowUsers', 'DenyGroups', and 'DenyUsers'.
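A way to check the DenyUsers/DenyGroups advice given in this thread, added here as an example and not posted by any participant: the script reads an sshd_config and reports which service accounts sshd would still accept. The function names, the svc_* accounts and the sample config are constructed; it assumes whitespace-separated keyword lines, reads only the global section before the first Match block, and ignores AllowUsers/AllowGroups.

```shell
#!/bin/sh
# Added example (not from the thread): list service accounts that sshd would
# still accept, judging by the global DenyUsers/DenyGroups lines of a config.

# Print the patterns given for KEYWORD, one per line. Keywords are matched
# case-insensitively; comment lines and everything from the first Match on are skipped.
sshd_patterns() {  # usage: sshd_patterns KEYWORD CONFIG_FILE
    awk -v kw="$1" '
        /^[[:space:]]*#/           { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$2"
}

# Succeed if USER is refused by a DenyUsers or DenyGroups pattern.
# Groups default to `id -Gn USER` (primary and supplementary, both of which
# sshd checks); pass them explicitly to evaluate a config off the target host.
remote_denied() (  # usage: remote_denied CONFIG_FILE USER [GROUP...]
    set -f                                   # no filename expansion of * and ?
    cfg=$1; user=$2; shift 2
    [ $# -gt 0 ] || set -- $(id -Gn "$user" 2>/dev/null)
    for pat in $(sshd_patterns DenyUsers "$cfg"); do
        case $pat in *@*) continue ;; esac   # USER@HOST denies only from that host
        case $user in $pat) exit 0 ;; esac
    done
    for pat in $(sshd_patterns DenyGroups "$cfg"); do
        for grp in "$@"; do
            case $grp in $pat) exit 0 ;; esac
        done
    done
    exit 1
)

# Constructed sample config and accounts ("name:groups"), for demonstration only.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# sshd_config (constructed sample)
PermitRootLogin no
DenyUsers svc_backup svc_db@10.0.0.5
denygroups no_remote
EOF
for entry in "svc_backup:svc" "svc_db:svc" "svc_mail:svc no_remote" "svc_web:svc"; do
    remote_denied "$sample" "${entry%%:*}" ${entry#*:} \
        || echo "NOT blocked for ssh: ${entry%%:*}"
done
```

After editing the real '/etc/ssh/sshd_config', `sshd -t` checks the file for syntax errors before the daemon is reloaded.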